Lecturer Profile
Dr. Guofei Gu is an associate professor in the Department of Computer Science & Engineering at Texas A&M University (TAMU). Before coming to Texas A&M, he received his Ph.D. degree in Computer Science from the College of Computing, Georgia Institute of Technology. His research interests are in network and system security, such as malware and APT (Advanced Persistent Threat) defense, software-defined networking (SDN) and cloud security, mobile/smartphone security, and intrusion/anomaly detection. Dr. Gu is a recipient of the 2010 NSF CAREER Award, the 2013 AFOSR Young Investigator Award, the 2010 IEEE Symposium on Security & Privacy (S&P'10) Best Student Paper Award, the 2015 International Conference on Distributed Computing Systems (ICDCS'15) Best Paper Award, and a Google Faculty Research Award. Dr. Gu is an active member of the security research community and has served on the program committees of top-tier security conferences, such as the IEEE Symposium on Security and Privacy (S&P), the ACM Conference on Computer and Communications Security (CCS), the USENIX Security Symposium, and the Network and Distributed System Security Symposium (NDSS), among many others. He is an Associate Editor for IEEE Transactions on Information Forensics and Security and a Steering Committee co-chair for the International Conference on Security and Privacy in Communication Networks (SecureComm). He is currently directing the SUCCESS (Secure Communication and Computer Systems) Lab at TAMU.
Lecture Abstract
Most cyber attacks, fraudulent activities and APTs (advanced persistent threats) on the Internet are carried out by malware. For example, botnets, the state-of-the-art malware, are now the primary "platforms" for cyber attacks such as spam, DDoS, and data theft. Most of our current solutions to cyber defense are still passive and reactive, focusing on defending against known attacks. The situation is becoming worse and worse because the economic engine of profit-driven cyber attacks is quickly transforming the threat and defense landscape to favor more and more attackers, as they enjoy many fundamental advantages over defenders (known as asymmetries of security). In this talk, I propose to put more research focus on "proactive" cyberspace defense strategies and develop "game-changing" defense approaches to go ahead of attackers (instead of always following them). In particular, I will introduce some case studies of such proactive cyber defense techniques developed in my SUCCESS Lab. For example, I will present new proactive network probing techniques to detect malware at an early stage before it is controlled (to carry out malicious activities). We propose new techniques to extract Malware Control Birthmarks (MCBs) from malware, and use them for active, robust, fast and scalable malware detection. I will also present our new techniques so that we can actively detect Internet-wide malicious cyber infrastructure even before it is used/known.